DCERPC is a standard IPC mechanism for Windows networks. It’s used for authentication, Microsoft Exchange, printing, and a huge boatload of other stuff. Get used to seeing it. Microsoft’s documentation is virtually non-existent, but Luke Leighton’s book “DCE/RPC over SMB” (available on Amazon) makes the subject somewhat less opaque.
It might also help you to study the CIFS spec.
--Eric
-----Original Message-----
From: Willy [mailto:willybo@xxxxxxxxxx]
Sent: Thursday, September 11, 2003 7:27 PM
To: ethereal-users@xxxxxxxxxxxx
Subject: [Ethereal-users] DCERPC Protocol
While monitoring LAN traffic today I noticed one of the controllers was spitting out DCERPC protocol packets as seen by Ethereal (Win ver). This only occurs when the fifth data byte is 5 (with 4 0's leading it). When the packet data is any of the other numbers we use (1-7) it is represented properly as an 80 byte data packet. All data in the packets is the same with the exception of the fifth byte which we use as a controller ID number.
The question is what triggers a packet to be DCERPC? I can't seem to find a simple reference to this. We aren't (at the current time) experiencing any data problems (we know of) at the receive end. But there is some concern that our byte allocation in the data packet may be causing this. Is there a reference to this protocol somewhere that won't require wading through code to find the answer?
Thank You
Willy Borchardt